Singularity 3.7.3
Singularity 3.7.3 is the previous stable release of Singularity prior to Sylabs' fork from github.com/hpcng/singularity
The downloads provided here are identical to those provided at https://github.com/hpcng/singularity/releases/tag/v3.7.3
This release is provided for convenience to users arriving from outdated links. Future releases posted here will be made from the code-base of this Sylabs fork.
Singularity 3.7.3 is a security release. We recommend all users upgrade to this version.
Security Related Fixes
CVE-2021-29136: A dependency used by Singularity to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." (or "/"), when running as root. This vulnerability affects a singularity build or singularity pull as root, from a docker or OCI source, as well as the implicit build to SIF that occurs through root use of run/exec/shell against a malicious docker/OCI image URI.
Thanks / Reporting Bugs
Thanks to our contributors for code, feedback and, testing efforts!
As always, please report any bugs to: https://github.com/hpcng/singularity/issues/new
If you think that you've discovered a security vulnerability please report it to: [email protected]
Have fun!
Downloads
Please use the singularity-3.7.3.tar.gz download below to obtain and install Singularity 3.7.3. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.